MM-SA-2026-003 Security Advisory
Out-of-bounds read in morse.ko Vendor IE processing
|
CVE |
CVE-2026-7764 |
|
Severity |
Medium (CVSS v3.1 6.5) |
|
Fixed in |
HaLowLink 2 software version 2.11.12 |
|
Status |
Resolved |
Summary
An out-of-bounds read in the morse.ko HaLow Wi-Fi kernel driver allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a denial of service via a crafted 802.11ah beacon or probe response containing a malformed Vendor Information Element.
Affected products
|
Product |
Affected versions |
Fixed version |
|---|---|---|
|
HaLowLink 2 |
All versions prior to 2.11.12 |
2.11.12 |
Customers using morse.ko in their own Linux integrations should treat their integration as affected if the driver source corresponds to a Morse Micro driver release predating 2.11.12. Contact security@morsemicro.com for patched source.
Action
Upgrade HaLowLink 2 software to 2.11.12 or later.
Acknowledgements
Reported to Morse Micro through Bugcrowd. Morse Micro thanks the researcher for responsible disclosure.


